Acer Aspire BIOS vulnerability
CVE-2022-4020

8.1 HIGH

Key Information:

Vendor: Acer
CVE Published: 28 November 2022

What is CVE-2022-4020?

A vulnerability in the HQSwSmiDxe DXE driver on some consumer Acer Notebook devices may allow an attacker with elevated privileges to modify UEFI Secure Boot settings by modifying an NVRAM variable.

Affected Version(s)

Aspire A115-21 1.04 < 1.11

Aspire A315-22 1.04 < 1.11

Aspire A315-22G 1.04 < 1.11

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Martin Smolár @ ESET